Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/BDiNQGp6uvky-DDtUcQLdosEYN0.roa
File:                     BDiNQGp6uvky-DDtUcQLdosEYN0.roa (raw, json)
Hash identifier:          0NogRCUIsKCGCzPVQ8z3hPuWGX/QsuYho9QJ7QUnNSw=
Subject key identifier:   04:38:8D:40:6A:7A:BA:F9:32:F8:30:ED:51:C4:0B:76:8B:04:60:DD
Certificate issuer:       /CN=7b5e37f6e3b9bd1cf3684b9c03c03ad1ca642497
Certificate serial:       0199F0E933E8D39487315222D5353DBD9662
Authority key identifier: 7B:5E:37:F6:E3:B9:BD:1C:F3:68:4B:9C:03:C0:3A:D1:CA:64:24:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/BDiNQGp6uvky-DDtUcQLdosEYN0.roa
Signing time:             Fri 17 Oct 2025 06:43:58 +0000
ROA not before:           Fri 17 Oct 2025 06:43:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        79.172.200.0/23 maxlen: 24
                          79.172.250.0/23 maxlen: 24
                          87.229.8.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:f0:e9:33:e8:d3:94:87:31:52:22:d5:35:3d:bd:96:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7b5e37f6e3b9bd1cf3684b9c03c03ad1ca642497
        Validity
            Not Before: Oct 17 06:43:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=04388d406a7abaf932f830ed51c40b768b0460dd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:a2:6e:2b:dd:e0:1f:7f:ab:52:30:72:37:2e:
                    cf:9d:11:95:91:ef:1a:3d:75:d6:e7:23:18:59:3e:
                    b1:b7:6e:93:50:93:aa:46:81:78:91:75:7f:da:97:
                    7d:eb:99:ff:de:9b:b9:5e:7d:13:e2:a9:50:f9:87:
                    6a:1a:ec:a2:36:35:66:93:36:97:cb:b6:73:55:0d:
                    a6:5b:19:b6:fd:65:f1:9e:60:36:14:12:ca:71:58:
                    63:27:09:d3:44:18:d9:d0:4a:f7:10:ad:f8:f4:40:
                    19:31:a0:47:fa:9b:d2:6a:a5:2c:f7:74:27:9d:89:
                    1d:42:bf:96:bc:dd:69:1b:47:d8:8f:2b:db:0f:ed:
                    28:3d:8a:fe:6a:d7:1d:24:2c:04:25:b8:7d:1a:9a:
                    3e:d5:ff:9d:59:f6:12:24:3a:69:b9:04:d1:a1:31:
                    f0:a2:ea:72:c9:0b:dd:f4:67:8d:6a:b2:69:f9:b9:
                    84:62:d7:8f:e0:15:9a:97:ef:2f:88:95:75:21:d5:
                    70:3e:1c:d2:f1:b5:65:be:47:d8:e7:bb:e6:1c:82:
                    d5:b0:be:3d:f9:85:97:e0:57:8b:c3:4c:f3:21:14:
                    4d:9e:5f:45:49:75:fb:ef:b9:3f:17:dc:57:22:34:
                    21:bd:e2:1d:e8:59:fc:b4:db:b5:72:43:2c:04:28:
                    31:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:38:8D:40:6A:7A:BA:F9:32:F8:30:ED:51:C4:0B:76:8B:04:60:DD
            X509v3 Authority Key Identifier:
                keyid:7B:5E:37:F6:E3:B9:BD:1C:F3:68:4B:9C:03:C0:3A:D1:CA:64:24:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/BDiNQGp6uvky-DDtUcQLdosEYN0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.172.200.0/23
                  79.172.250.0/23
                  87.229.8.0/22

    Signature Algorithm: sha256WithRSAEncryption
         9c:8e:bf:83:f0:e3:c2:a1:33:68:14:74:ab:6d:16:d9:cb:22:
         23:27:9e:ab:14:1d:ba:85:21:a7:f9:5a:34:05:74:0e:b3:34:
         1e:c9:d4:fe:a2:5a:2f:b0:b2:ca:72:1b:63:2a:ec:9a:31:a2:
         4c:22:ce:b1:f6:e1:f4:b1:ee:a5:8c:68:4b:84:5c:fb:b3:51:
         29:04:d8:43:84:21:b3:7e:20:c4:cd:b5:8c:36:06:3f:53:2b:
         64:49:cf:73:50:3a:ee:5e:b0:f3:16:46:c4:e7:c1:d1:02:d6:
         19:a4:dd:1e:6a:94:01:63:ca:74:5a:bf:ff:17:00:e3:6e:d2:
         21:c7:be:2d:8b:f1:f4:9d:71:44:13:ad:2d:2a:d3:aa:27:7f:
         b6:d6:af:79:38:52:5a:44:0c:06:c4:21:4c:fc:b2:55:2f:74:
         cd:1a:0e:b6:b6:e6:f7:09:91:3a:56:2d:f7:50:7a:55:d1:f4:
         5f:0a:b1:ba:af:dd:4e:8c:4e:83:55:f8:5a:90:e2:65:16:e5:
         d3:2e:7c:af:76:21:3c:c7:15:90:6c:e9:be:42:85:8b:3a:f7:
         e1:28:a8:b2:b1:fb:38:cf:8f:d1:6d:c2:67:74:e7:5f:5f:4f:
         0d:6a:90:90:bf:3e:14:96:9b:72:29:f2:e3:32:84:c8:12:4c:
         05:e2:ca:06
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZnw6TPo05SHMVIi1TU9vZZiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiNWUzN2Y2ZTNiOWJkMWNmMzY4NGI5YzAzYzAzYWQxY2E2
NDI0OTcwHhcNMjUxMDE3MDY0MzU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDM4OGQ0MDZhN2FiYWY5MzJmODMwZWQ1MWM0MGI3NjhiMDQ2MGRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv6JuK93gH3+rUjByNy7PnRGVke8a
PXXW5yMYWT6xt26TUJOqRoF4kXV/2pd965n/3pu5Xn0T4qlQ+YdqGuyiNjVmkzaX
y7ZzVQ2mWxm2/WXxnmA2FBLKcVhjJwnTRBjZ0Er3EK349EAZMaBH+pvSaqUs93Qn
nYkdQr+WvN1pG0fYjyvbD+0oPYr+atcdJCwEJbh9Gpo+1f+dWfYSJDppuQTRoTHw
oupyyQvd9GeNarJp+bmEYteP4BWal+8viJV1IdVwPhzS8bVlvkfY57vmHILVsL49
+YWX4FeLw0zzIRRNnl9FSXX777k/F9xXIjQhveId6Fn8tNu1ckMsBCgx8QIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFAQ4jUBqerr5Mvgw7VHEC3aLBGDdMB8GA1UdIwQY
MBaAFHteN/bjub0c82hLnAPAOtHKZCSXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTE0Mzl1TzV2Unp6YUV1Y0E4QTYwY3BrSkpjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny8yNjcyOGUtZGRjNy00YjBmLTlkMWUt
OTU5M2E0ODhhZmNjLzEvQkRpTlFHcDZ1dmt5LUREdFVjUUxkb3NFWU4wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny8yNjcyOGUtZGRjNy00YjBmLTlkMWUtOTU5M2E0ODhhZmNj
LzEvZTE0Mzl1TzV2Unp6YUV1Y0E4QTYwY3BrSkpjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQBT6zIAwQB
T6z6AwQCV+UIMA0GCSqGSIb3DQEBCwUAA4IBAQCcjr+D8OPCoTNoFHSrbRbZyyIj
J56rFB26hSGn+Vo0BXQOszQeydT+olovsLLKchtjKuyaMaJMIs6x9uH0se6ljGhL
hFz7s1EpBNhDhCGzfiDEzbWMNgY/UytkSc9zUDruXrDzFkbE58HRAtYZpN0eapQB
Y8p0Wr//FwDjbtIhx74ti/H0nXFEE60tKtOqJ3+21q95OFJaRAwGxCFM/LJVL3TN
Gg62tub3CZE6Vi33UHpV0fRfCrG6r91OjE6DVfhakOJlFuXTLnyvdiE8xxWQbOm+
QoWLOvfhKKiysfs4z4/RbcJndOdfX08NapCQvz4UlptyKfLjMoTIEkwF4soG
-----END CERTIFICATE-----
Generated at Sun Oct 19 14:41:46 2025 by rpki-client